debian/patches/unbreak-certificate-auth.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 14 Mar 2016 16:20:54 +0000
Subject: upstream commit

unbreak authentication using lone certificate keys in
 ssh-agent: when attempting pubkey auth with a certificate, if no separate
 private key is found among the keys then try with the certificate key itself.

bz#2550 reported by Peter Moody

Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966

Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961
Last-Update: 2016-04-28

Patch-Name: unbreak-certificate-auth.patch
---
 sshconnect2.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/sshconnect2.c b/sshconnect2.c
index b452eae..40facda 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 			    "certificate", __func__, id->filename,
 			    id->agent_fd != -1 ? " from agent" : "");
 		} else {
-			/* XXX maybe verbose/error? */
-			debug("%s: no private key for certificate "
+			debug("%s: no separate private key for certificate "
 			    "\"%s\"", __func__, id->filename);
-			free(blob);
-			buffer_free(&b);
-			return 0;
 		}
 	}